Introduction
Alex ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our health and wellness platform.
We comply with the Australian Privacy Act 1988, the Australian Privacy Principles (APPs), and applicable international privacy regulations including Apple App Store guidelines for health data.
Health Data
What We Collect
When you connect wearable devices (such as Garmin, Oura, Fitbit, Apple Health, or Samsung Health) to Alex, we collect health and fitness data including:
- Activity metrics (steps, distance, calories burned)
- Heart rate and heart rate variability (HRV)
- Sleep duration and patterns
- Blood oxygen levels (SpO2)
- Body measurements (if provided)
- Workout and exercise data
- Water intake (if logged)
How We Use Health Data
Your health data is used solely to:
- Display your metrics within the Alex app
- Calculate daily and weekly summaries
- Enable optional wellness challenges with friends you approve
- Show your health trends over time
We Do NOT Use Health Data To:
- Serve you advertisements
- Make insurance or employment decisions
- Sell to third parties
- Train AI models without your explicit consent
- Profile you for marketing purposes
- Provide medical diagnosis or treatment advice
Data Storage
Daily Summaries: We store aggregated daily summaries (such as total daily steps, average heart rate, and sleep duration) to display your historical trends. Raw biometric data (individual heart rate readings, minute-by-minute activity) is processed to create these summaries and is automatically deleted after 90 days.
Retention Period: Daily health summaries are retained for the lifetime of your account or until you delete them. Raw health data is retained for a maximum of 90 days.
Location: Your data is stored on secure servers with encryption at rest (AES-256) and in transit (TLS 1.3).
Security
We implement industry-standard security measures to protect your health data:
- End-to-end encryption for data transmission
- Encryption at rest for stored data
- Secure OAuth 2.0 for wearable device connections
- Regular security audits and penetration testing
- Access controls limiting who can view health data
- No health data in logs, crash reports, or analytics
Sharing Your Data
With Your Consent: If you join a wellness challenge, your selected metrics (e.g., daily step count) are visible to other challenge participants you've approved.
Service Providers: Our infrastructure providers process encrypted health data as part of delivering our service. They are contractually prohibited from accessing or using this data.
We Never Share Health Data With:
- Advertisers or marketing platforms
- Insurance companies
- Employers
- Data brokers
- Government agencies (except as required by law)
AI Processing
Alex uses artificial intelligence to provide personalised wellness insights and respond to your voice and text queries. Your data is processed by the following AI service providers:
| Provider | Purpose | Location |
|---|---|---|
| OpenAI | Conversation processing, health insights | United States |
| Google (Gemini) | Advanced reasoning, multimodal analysis | United States |
| Anthropic (Claude) | Conversation processing (where enabled) | United States |
| ElevenLabs | Voice synthesis (text-to-speech) | United States |
How AI Processing Works
- Your conversations are sent to AI providers to generate responses
- Health context (recent metrics) may be included to personalise insights
- AI providers process but do not retain your data for training (per our agreements)
- All AI outputs are for wellness purposes only — not medical advice
Important: AI-generated insights are decision-support tools only. They should not replace professional medical advice. Alex cannot diagnose conditions, recommend treatments, or prescribe medications.
International Data Transfers
Overseas Disclosure: Your health data may be processed by service providers located in the following countries:
- United States: Cloud infrastructure (AWS/Vercel), AI processing (OpenAI)
- European Union: Backup infrastructure (where applicable)
When we transfer your data overseas, we ensure the overseas recipient is bound by privacy obligations comparable to the Australian Privacy Principles. This includes contractual protections requiring the recipient to:
- Handle your data in accordance with Australian privacy standards
- Not disclose your data without authorization
- Implement appropriate security measures
- Delete data upon termination of services
Note: Wearable data from Garmin, Oura, Whoop, and Fitbit is fetched from those companies' servers (typically US-based) before being processed by Alex. By connecting these services, you also agree to their respective privacy policies.
Your Rights
Under the Australian Privacy Act and applicable laws, you have the right to:
- Access: Request a copy of your health data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your health data at any time
- Portability: Export your data in a standard format
- Opt-out: Disconnect wearable devices and stop data collection
Deleting Your Data
You can delete your health data at any time:
- Disconnect a Wearable: In Settings > Connected Devices, tap "Disconnect" to stop syncing and remove stored data from that source.
- Delete All Health Data: In Settings > Privacy > Delete Health Data to remove all stored health summaries while keeping your account.
- Delete Account: Deleting your Alex account permanently removes all data, including health information, within 30 days.
Deletion is permanent and cannot be undone.
Emergency Services
Alex is NOT an Emergency Service
If you are experiencing a medical emergency, chest pain, difficulty breathing, stroke symptoms, or any life-threatening situation:
Call 000 immediately
Australia Emergency Services
Alex cannot contact emergency services on your behalf, provide emergency medical guidance, or respond to crisis situations. Do not rely on Alex in emergencies.
Medical Disclaimer
Alex provides general health and wellness information only. It is not a medical device and does not provide medical advice, diagnosis, or treatment recommendations. The health metrics and trends displayed are for informational purposes only. Always consult a qualified healthcare professional for medical advice and before making any health-related decisions.
Alex Does Not:
- Diagnose medical conditions
- Recommend or prescribe medications
- Provide treatment plans
- Replace consultations with healthcare professionals
- Guarantee the accuracy of AI-generated insights
Making a Privacy Complaint
If you believe we have breached your privacy or mishandled your personal information, you have the right to make a complaint.
Step 1: Contact Us First
Email: privacy@kproapps.com
We will acknowledge your complaint within 7 days and aim to resolve it within 30 days.
Step 2: Office of the Australian Information Commissioner (OAIC)
If you are not satisfied with our response, you can lodge a complaint with the OAIC:
- Website: www.oaic.gov.au/privacy/privacy-complaints
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Privacy Officer
Email: privacy@kproapps.com
Business: KproApps Pty Ltd
Location: Australia
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.